Locking devices with expired MDM profile


I'm having trouble finding documentation on this, but I ran into a JAMF Nation post that suggested that JAMF Lock Commands can be issued to devices that are no longer checking in with our JAMF instance or have expired MDM profiles because it leverages APNS and just needs an internet connection (connection to my specific instance is not required, based on the post). So, some of these devices that are still in my instance and had profiles that expired months/years ago would, in theory, be able to be locked by the JAMF command.


Is this true? Can I lock devices even if I seemingly have no other management over them? This doesn't seem right...


In my experience with JAMF, once the MDM profile is expired it's basically gone from my management abilities until it's re-enrolled.


Esteemed Contributor II

@kbreed27 I have never had occasion to try and lock a device that had expired MDM Profiles, and I wouldn't expect that to work, but I have in the past been able to mark a Mac as unmanaged in my JSS to reclaim the license count and have that Mac then process a pending Lock command (the Lock has to be staged before un-managing the Mac as the option to issue the Lock goes away once it's unmanaged).